Skip to main content
CVE-2020-37156 MEDIUM POC This Month

login.php contains a vulnerability that allows attackers to access the dashboard without valid credentials (CVSS 6.5).

PHP Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2019-25316 MEDIUM POC This Month

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. [CVSS 6.4 MEDIUM]

PHP XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25315 MEDIUM POC This Month

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface. [CVSS 6.4 MEDIUM]

WordPress XSS
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25311 MEDIUM POC This Month

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. [CVSS 6.4 MEDIUM]

XSS Thesystem
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2018-25157 MEDIUM POC This Month

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. [CVSS 6.4 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25317 MEDIUM POC PATCH This Month

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users. [CVSS 6.4 MEDIUM]

XSS Kimai
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2020-37192 MEDIUM POC This Month

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. [CVSS 6.2 MEDIUM]

XXE
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-70297 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser. [CVSS 6.1 MEDIUM]

XSS Mealie
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26023 MEDIUM POC PATCH This Month

Dify versions prior to 1.13.0 contain a stored cross-site scripting vulnerability in the chat frontend's echarts integration that executes malicious JavaScript payloads embedded in user or LLM-generated inputs. An attacker can exploit this to perform actions in the context of other users' browsers, potentially stealing session tokens or conducting phishing attacks. Public exploit code exists for this vulnerability, though a patch is available in version 1.13.0 and later.

XSS AI / ML Dify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25314 MEDIUM POC This Month

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces. [CVSS 5.5 MEDIUM]

WordPress XSS
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25062 MEDIUM POC This Month

Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attackers with high privileges to traverse the directory structure and read arbitrary files from the server. Public exploit code exists for this path traversal vulnerability, and no patch is currently available for affected deployments.

Path Traversal Outline
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2019-25312 MEDIUM POC This Month

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. [CVSS 5.4 MEDIUM]

XSS Inoerp
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-70296 MEDIUM POC This Month

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view. [CVSS 5.4 MEDIUM]

Command Injection Mealie
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2020-37172 MEDIUM POC This Month

Avideo versions up to 8.1 is affected by weak password recovery mechanism for forgotten password (CVSS 5.3).

CSRF Avideo
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-26479 MEDIUM POC This Month

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. [CVSS 5.3 MEDIUM]

Information Disclosure Statping Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-26478 MEDIUM POC This Month

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. [CVSS 5.3 MEDIUM]

Information Disclosure Statping Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2020-37158 MEDIUM POC This Month

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. [CVSS 5.3 MEDIUM]

CSRF Avideo
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2020-37208 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37205 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37204 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37201 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37200 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher Stack Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37212 MEDIUM POC This Month

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotmsn Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37211 MEDIUM POC This Month

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotim Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37210 MEDIUM POC This Month

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotie Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37209 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotftp Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37207 MEDIUM POC This Month

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotdialup Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37206 MEDIUM POC This Month

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. [CVSS 7.5 HIGH]

Denial Of Service Sharealarmpro Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37199 MEDIUM POC This Month

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37197 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37196 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2019-25313 MEDIUM POC This Month

FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. [CVSS 4.0 MEDIUM]

CSRF
NVD Exploit-DB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-25869 MEDIUM This Month

MiniGal Nano 0.3.5 and earlier are vulnerable to a path traversal attack in the dir parameter that bypasses insufficient dot-dot sequence filtering, allowing unauthenticated remote attackers to access and enumerate image files from arbitrary filesystem locations readable by the web server. This results in confidential information disclosure from unintended directories. No patch is currently available.

PHP Path Traversal Information Disclosure Minigal Nano
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-13651 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data.

Information Disclosure Zeusweb
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-48722 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47209 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30266 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22894 MEDIUM This Month

File Station 6 contains a path traversal vulnerability that allows authenticated attackers to read arbitrary files and system data on affected systems. An attacker with valid user credentials can exploit this flaw to access sensitive information beyond intended restrictions. No patch is currently available for File Station 6, though File Station 5.5.6.5190 and later versions have been remediated.

Path Traversal File Station
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68406 MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66278 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58470 MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58467 MEDIUM This Month

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54169 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure File Station
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20644 MEDIUM PATCH This Month

Memory handling flaws in Apple's macOS, iOS, iPadOS, and Safari allow remote attackers to crash affected processes by serving specially crafted web content, requiring only user interaction to trigger the denial of service. The vulnerability affects multiple Apple platforms and products across recent versions, with fixes available in macOS Tahoe 26.3, iOS 18.7.5, iPadOS 18.7.5, and Safari 26.3. No patches are currently available for all affected versions.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20636 MEDIUM PATCH This Month

Denial of service in Apple Safari, iOS, iPadOS, and macOS results from improper memory handling when processing maliciously crafted web content, causing unexpected process crashes. An unauthenticated remote attacker can trigger this vulnerability through a specially crafted webpage, affecting users who view the malicious content. No patch is currently available for this vulnerability.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62854 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Denial Of Service File Station
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57708 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 6.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54148 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54147 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54146 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Null Pointer Dereference Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy